Lucene search
+L

1375 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:12 a.m.8 views

CVE-2022-0232

The User Registration, Login & Landing Pages WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the loadertext parameter found in the /includes/templates/landing-page.php file which allows attackers with administrative user access to inject arbitrary we...

4.8CVSS5.9AI score0.00856EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:12 a.m.7 views

CVE-2022-0210

The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the category parameter found in the /include/models/model.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and...

4.8CVSS5.9AI score0.04362EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:54 a.m.18 views

CVE-2021-41263

railsmultisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using railsmultisite alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker t...

8.8CVSS6.7AI score0.00608EPSS
Exploits0References1
CVE
CVE
added 2026/01/07 9:21 a.m.23 views

CVE-2025-14057

CVE-2025-14057 : The WordPress plugin Multi-column Tag Map is affected by a Stored XSS via the parameter mctm_css_conditional in admin settings. Affected versions are up to 17.0.39, and exploitation requires authenticated admin+ privileges. The vulnerability is specific to WordPress multisite dep...

4.4CVSS4.7AI score0.003EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/07 9:18 a.m.7 views

CVE-2025-1267

The Groundhogg plugin for Wordpress is vulnerable to Stored Cross-Site Scripting via the ‘label' parameter in versions up to, and including, 3.7.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access, to...

5.5CVSS6AI score0.00327EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:14 a.m.9 views

CVE-2024-2968

The WP-Eggdrop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.8CVSS5.8AI score0.00319EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:14 a.m.12 views

CVE-2024-2956

The Simple Ajax Chat – Add a Fast, Secure Chat Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 20231101 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

4.4CVSS5.8AI score0.0033EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:12 a.m.9 views

CVE-2024-2963

The Pocket News Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as "Consumer Key" and "Access Token" in all versions up to, and including, 0.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.8CVSS5.8AI score0.00322EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:12 a.m.5 views

CVE-2024-2846

The Visual Footer Credit Remover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'selector' parameter in all versions up to, and including, 2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.8AI score0.00287EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/07 8:21 a.m.2 views

CVE-2025-15000 Page Keys <= 1.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'page_key' Parameter

The Page Keys plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagekey’ parameter in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, ...

4.4CVSS4.6AI score0.00189EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/07 6:35 a.m.4 views

CVE-2025-14887 twinklesmtp – Email Service Provider For WordPress <= 1.03 - Authenticated (Administrator+) Stored Cross-Site Scripting via Sender Settings

The twinklesmtp – Email Service Provider For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's sender settings in all versions up to, and including, 1.03 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS4.6AI score0.00203EPSS
Exploits0References7
EUVD
EUVD
added 2025/12/13 6:30 p.m.7 views

EUVD-2025-203231

The Quick Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

4.4CVSS4.6AI score0.0016EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/13 8:7 a.m.5 views

CVE-2025-4970

The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access an...

5.5CVSS5AI score0.00281EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/13 3:59 a.m.8 views

CVE-2025-13971

The TWW Protein Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Header' setting in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

4.4CVSS5AI score0.00203EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/13 12:0 a.m.5 views

PT-2025-51068

The Quick Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

4.4CVSS5AI score0.0016EPSS
Exploits0References2
NVD
NVD
added 2025/12/12 4:15 a.m.9 views

CVE-2025-13971

The TWW Protein Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Header' setting in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

4.4CVSS0.00203EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/12 3:20 a.m.4 views

CVE-2025-13971 TWW Protein Calculator <= 1.0.24 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Header' Setting

The TWW Protein Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Header' setting in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

4.4CVSS4.7AI score0.00203EPSS
Exploits0References5
EUVD
EUVD
added 2025/12/12 3:20 a.m.6 views

EUVD-2025-202980

The DebateMaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color options in the plugin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS4.6AI score0.00268EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/12/12 3:20 a.m.5 views

CVE-2025-14467 WP Job Portal <= 2.4.4 - Authenticated (Editor+) Stored Cross-Site Scripting via Job Description Field

The WP Job Portal plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.4. This is due to the plugin explicitly whitelisting the tag in its WPJOBPORTALALLOWEDTAGS configuration and using insufficient input sanitization when saving job...

4.4CVSS6AI score0.00211EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/12/06 6:58 a.m.14 views

CVE-2025-12186

The Weekly Planner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS5AI score0.00173EPSS
Exploits0References1
Rows per page
Query Builder